Drive-by shooting suspect remotely wipes iPhone X, catches extra charges
A woman from Schenectady, N.Y. accused of being the driver in a shooting used Apple's remote wipe feature to destroy evidence on her iPhone X that might have been related to the event.
Police suspect Juelle Grant as the driver in the Oct. 23 shooting, which had no injuries, according to the Daily Gazette. Grant is also accused of hiding the shooter's identity, and removing the gun used.
The iPhone was seized as evidence in the case, but police say that shortly after she triggered the remote wipe, an option available via Find My iPhone in iCloud. Normally the tool is intended for people with lost or stolen devices.
Grant was arrested on Nov. 2 -- the only person known to have been arrested in the case so far -- and charged with two counts of tampering with physical evidence, and one count of hindering prosecution. Only one of the tampering counts is connected to the iPhone.
"The defendant was aware of the intentions of the police department at the conclusion of the interview with her," court documents claim.
The Gazette noted that police could have avoided the situation if they'd put the iPhone in a Faraday bag, which would have blocked any wireless signals. It's not clear however if the city actually has any such bags.
Recent iPhones have proven a challenge to law enforcement, though not usually because of remote wipes. Full-disk iOS encryption and end-to-end encryption in apps like Messages can make it difficult or impossible to intercept data, at least without hardware from forensics companies like Cellebrite or Grayshift. It may actually be easier to force a person to unlock an iPhone via Touch ID or Face ID -- in the U.S., criminal suspects can legally refuse to hand over their passcodes.
Police suspect Juelle Grant as the driver in the Oct. 23 shooting, which had no injuries, according to the Daily Gazette. Grant is also accused of hiding the shooter's identity, and removing the gun used.
The iPhone was seized as evidence in the case, but police say that shortly after she triggered the remote wipe, an option available via Find My iPhone in iCloud. Normally the tool is intended for people with lost or stolen devices.
Grant was arrested on Nov. 2 -- the only person known to have been arrested in the case so far -- and charged with two counts of tampering with physical evidence, and one count of hindering prosecution. Only one of the tampering counts is connected to the iPhone.
"The defendant was aware of the intentions of the police department at the conclusion of the interview with her," court documents claim.
The Gazette noted that police could have avoided the situation if they'd put the iPhone in a Faraday bag, which would have blocked any wireless signals. It's not clear however if the city actually has any such bags.
Recent iPhones have proven a challenge to law enforcement, though not usually because of remote wipes. Full-disk iOS encryption and end-to-end encryption in apps like Messages can make it difficult or impossible to intercept data, at least without hardware from forensics companies like Cellebrite or Grayshift. It may actually be easier to force a person to unlock an iPhone via Touch ID or Face ID -- in the U.S., criminal suspects can legally refuse to hand over their passcodes.
Comments
The Gazette is right about the police not properly protecting their evidence. If the courts ultimately throw out the iPhone as evidence it's on them and I hope they learn from their mistakes so that future criminals can be charged and convicted accordingly.
I'm sure this will be used by government officials to demand that Apple disable this privacy and security feature.
You can’t just demand that the police stop using your stuff as evidence, or demand access to it to wipe your fingerprints off it.
Deleting data currently being used by the police as evidence in an ongoing investigation is a no-no.
That was my immediate question, too. It seems like that would be standard protocol. IIRC, when you do a remote wipe, a message comes up on the screen stating as such. It doesn't take long for the wipe signal to go though so it's also possible that they had it in such a bag and took it out to investigate and it was in contact with servers just long enough to trigger the wipe.
There was a court ruling recently that like fingerprints, your face is not 'protected' by the 5th amendment, and police can compel someone to unlock their phone with FaceID. The problem for police departments is that technology and the legal aspects around it are moving quite quickly. I wouldn't be surprised if department policies haven't kept up.
I'm not a lawyer, but my understanding is that in situations where there is reasonable suspicion and a risk that evidence may be lost by the delay police are allowed to search without a warrant. Given the fact that FaceID times out in a couple hours, I would see courts allowing police to open and search a phone without a warrant. In this case, even a contact, call log or iMessage would be relevant and significant to the investigation.
I even wonder if this might preferable for a home where you have an excessive amount of RF affecting the WiFi in your home. Of course, would be to then be on cellular if you were in your yard unless you install a extender past the barrier. Now, windows would allow RF in, but if you severely reduced the RF traffic I'd think your home WiFI would be better off. Note I say this as a hypothetical as I don't encounter this much anymore now that we're well beyond 802.11a/b/g @ 2.4 GHz.
Personally I don’t care since I’m backed up to the cloud and would count on the judicial system to force any access to that but I do want a way to prevent just anyone that gets my iPhone to be able to access my personal data.